'The net result would be the introductionof substantial vulnerabilitiesinto the network, and aside effect would be to move mostof the infrastructure needed for asuccessful intercept outside ofthe U.S.,' Internet pioneer VintonCerf said recently in introducingthe study by the IT Association ofAmerica. 'The more I dig into it,the harder it gets.'

ITAA performed the study inresponse to a ruling by the FederalCommunications Commissionthat the CommunicationsAssistance to Law EnforcementAct (CALEA) should apply tobroadband Internet and voiceover IP service providers.CALEA mandates that equipmentused in public, switchedtelephone networks accommodatewiretaps for law enforcementagencies.

Technical hurdles

With voice services now beingoffered over the Internet andother IP networks, FCC has saidthey should be treated the sameas telephone networks. The rulehas been upheld by the U.S.Court of Appeals for the Districtof Columbia.

But saying it and doing it aretwo different things. The infrastructuresand technologies underlyingVOIP and PSTN servicesare very different. The Internetis not centralized andprovides a multitude of flexibleservices. IP addresses and locationsof end points often are notstatic and traffic is not transmittedover a fixed circuit.

'It actually is quite hard to figureout who is talking to whom'in a VOIP call, said Cerf, chief Internetevangelist for Google Inc.

For an effective wiretap, informationis needed from boththe call setup, which establishesthe connection between twoend points, and the transmission.

But the VOIP providerdoing call setup often has littleto do with the infrastructureused to transmit the packets,said Whitfield Diffie of Sun MicrosystemsInc.

The wiretap would requirethat the provider doing callsetup give routing data for thecall to law enforcement in realtime, and the agency then wouldhave to serve an order or warrantin real time on the propercarriers, who would have to validatethat order, again in realtime.

'It's conceivable all of thiscould be done, but it'snot clear it could bedone by mandate,'Diffie said. 'It's veryhard to see how somethinglike this could bedone both effectivelyand securely.'

Another element of the problemfacing law enforcementagencies is that VOIP is not aspecific technology, but a broaddescription of a type of servicethat can be implemented in avariety of ways. VOIP traffic iscarried in the same type of packetsas every other type of traffic.

'VOIP is just another networkapplication,' Cerf said. 'I don'tsee any way to restrict and constrainthe target to just voice.'